Registrars Would Benefit From A Customer Perspective – Part 3

by Christopher Paris
VP Operations, Oxebridge Quality Resources International

(Read part 2 of this article here.)

Summarizing the Customer’s Perspective

Registrars must understand, remember, and then train their staff on the following truisms:

• Clients project their entire perception of ISO 9001 onto the auditor. The auditor is the face of the registration company, the ISO 9001 standard, the certification process, even ISO the organization itself.
• Clients are fearful during the audit. They display this in a number of ways, but they are all apprehensive. This may show itself as timidity or confrontational anger, but it’s the same emotion.
• Most clients are pursuing ISO 9001 because they have to, not because they want to. As a result, they do not respond to a lot of talk about the benefits of ISO 9001, and any aggressive behavior on the part of the auditor will make a bad perception worse.
• Clients resent “advice” based on other companies or the auditor’s previous experience. This implies the client is stupid, and the auditor a genius, something most clients are not willing to accept as fact. Invoking other companies also, indirectly, insults the client’s company.
• Clients resent “suggestions” or “OFI’s” even if they don’t tell you. Again, this is an insult to their intelligence, and an end-run around the QMS’ role as the machine that drives improvement.
• Clients want the final report to be complete, clear, and comprehensive. They are not interested in anything outside of the report, such as auditor’s verbal “off-the-record” comments,  “unofficial” notes or “yellow pad auditing” tactics.
• Clients want (and deserve) clearly-written nonconformities. If a nonconformity lacks evidence, and a clear description of the disconnect between the requirement and the evidence, they cannot take proper corrective action.
• Clients are not subject to your accreditation rules. Clients are certified to ISO 9001, not ISO 17021.
• Clients bristle at arrogant, “cowboy” auditors. A little less ego, and more common decency, go a long way.
• Clients hate pre-paid contracts. This is a new trend I am seeing, and all clients hate it. Some registrars are requiring full payment up front, and those registrars are losing market share as a result.
• Clients listen to auditors’ long-winded blather only to run out the clock, not because they care. Talkative auditors do a disservice to their clients and to the credibility of the audit process; the client isn’t interested, they just want to get to the closing meeting.
• Clients will not use your complaint system, they will just fire you. Perhaps without good reason, clients nevertheless believe that a formal complaint to a registrar will result in retaliation; in this market, it’s easier to switch registrars and avoid the problem entirely.
• Clients want the registrar to respect their consultants. Under ISO 9001 there is no prohibition against having a consultant present during an audit, and clients get angry when registrars attempt to trump legally binding service contracts they have with consultants. So long as the consultant does not interfere with the integrity of the audit, registrar prohibitions violate US contract law.
• Clients hate that you forget they are the customer. They understand you have a job to do, but they also know they can fire you, and you should remember that.

What’s A Registrar To Do?
The common theme here is simple, and breaks down to four criteria: clients want a reasonable, compassionate auditor who is objective and sticks to the rules. For that last point, I mean the rules that govern them, not just the rules they hold clients to. Registrars must screen their auditor pools to weed out any auditor who doesn’t exhibit all four traits, and then train and re-train the pool to ensure these qualities stick.

• Reasonableness. Clients want an auditor (and the entire certification body behind him or her) to be reasonable. This means having a strong understanding of the ISO 9001 or AS9100 standard, while being open to the client’s interpretation of that standard. Reasonableness means an auditor cannot bring their baggage to an audit: no previous experience, no prejudicial slants, no expectations, and no ego.
• Compassion. This word may evoke feelings of weakness, femininity, or even New Age spirituality — all of which are viewed as problems in the macho, “greed is good” business culture in the US — but true compassion is simply understanding the position of the client. It does not mean agreeing with it, condoning it, or yielding to it. It simply means understanding it. From that starting point, an auditor can judge the client’s management system from a non-emotional perspective, free from prejudice and open only to facts. This latter point does not mean stopping at the first fact, but being open to allowing the client to present their facts when they seek to challenge a finding, and not digging in one’s heels and refusing debate. Compassion requires the auditor’s ego to take a back seat, at least during the audit.
• Objectivity. An accreditation requirement, auditors must be objective. Unfortunately, the US climate that endorses auditor advice (poorly hidden as “what I’ve seen in other companies”), suggestions for improvement, and presenting auditors as “experts” in whatever industry they are auditing, — these things all erode away at objectivity. Instead, an auditor must come into an audit armed only with their knowledge of the standard, and then allow the client to present their system for an objective, dispassionate review. No comparisons to other companies, no assumptions lacking evidence, and no arguing.
• Rule abiding. Clients are aware that there are some rules governing auditors and registrars, even if they don’t know what they are. But they do get a strong sense when an auditor is failing to abide by the rules, usually because this means the auditor has done something to make the client uncomfortable, or has written a finding that doesn’t make sense to the client. Auditors must be well-versed in ISO 17021, as much as they are ISO 9001 or AS9100, and CB management must hold auditors accountable when they fail to abide by those rules. This also means that certification bodies must do more to monitor auditor’s compliance with the rules.

Perhaps with good intentions, or perhaps not, one way or the other registrars and accreditation bodies have allowed auditors to focus less on their only purpose — to assess compliance against a standard — and perform all sorts of other tasks, and get away with all sorts of bad behavior.

Recalling the Purpose of Registration Audits

A return to the roots of auditing, the very primary purpose, if you will, is what’s required. But with so much marketing mumbo-jumbo polluting the air, it’s easy to forget what the registrar’s role is supposed to be.

ISO 17021 reminds us:

Certification of a management system provides independent demonstration that the management system of the organization:

a) conforms to specified requirements,

b) is capable of consistently achieving its stated policy and objectives, and

c) is effectively implemented.

The first two are simple. Auditing comfirms compliance to (a) the standard, and (b) the company’s own system.

It’s that third bullet that causes problems. How do you judge if something is “effectively” implemented? This introduces subjectivity, which accreditation bodies and registrars have not only tolerated, but embraced. But the three points cannot be separated from each other, and must be taken as a whole.

If one understands (a) and (b), then (c) merely means determining if compliance is effectively implemented, not if the QMS is effective according to some auditor’s subjective comparison to the rest of the world. A batch of uncontrolled documents found during an audit reflects a lack of effectiveness, because it can be traced back to a specific violation of a specific clause. A company that is struggling to make on-time deliveries improve, and who is making tangible, recorded efforts to do so, is not “ineffective” even if the current trend is dipping, if there is no clear nonconformity.

The notion of “judging effectiveness” has opened a Pandora’s box of problems, stemming from auditors awkward attempts to offer improvements, using their experience and opinions, in the name of “effectiveness.” The Smithers auditor I mentioned earlier repeatedly said, “I wouldn’t be doing my job if I didn’t offer suggestions to improve your client’s effectiveness.”

Actually, no. You would be doing your job if you did the exact opposite.

Registrars need to write the following on their walls, and tattoo it on the inside of their auditors’ brainpans:

Just assess compliance.

It’s easy, when you think about it, and a whole lot less work and headache for everyone involved.

Christopher Paris is founder and VP Operations for Oxebridge Quality Resources International, a former member of the US TAG to TC 176, the International Federation of Standards Users, and a former auditor with various accredited registrars. He has worked to advocate for the rights and benefits of standards end users since 1989, has personally attended almost 200 third party audits.